Topic: IPsec DNS offering on macOS OSX (Read 5137 times)
eugenmayer
IPsec DNS offering on macOS OSX « on: May 20, 2017, 07:33:08 pm »
I have an IPsec mobile client connection (172.16.0.0/24) to my LAN (10.1.7.0).
- I run a DNS resolver and a DHCP server which is configured to set DNS entries for each client in LAN. The DNS resolver does domain overriding for domain.tld and listens on LAN and 127.0.0.1
Question/Need:
I want the mobile client to be able to resolve the domains for my LAN domain, domain.tld - which the DNS resolver offers (I can do that when using).
Configuration:
That's how I configured the mobile client:
https://goo.gl/qYxP56
That's how I configured the DNS resolver:
https://goo.gl/o6Ibrs
Issue:
When I connect with my (El Capitan/Sierra) IPsec "Cisco" client, I can access LAN, I can't really see that the DNS server is used.
If I do query the DNS server directly (from the mobile client) it works:
Code:
dig test.domain.tld @10.1.7.1
But I cannot resolve domains from domain.tld directly, since the DNS server seems not to be forwarded during the connection?
« Last Edit: May 20, 2017, 07:59:00 pm by eugenmayer »
eugenmayer
Re: IPsec DNS offering « Reply #1 on: May 20, 2017, 07:43:43 pm »
Might actually be an IPsec Sierra client issue:
https://discussions.apple.com/thread/3071361?start=0&tstart=0
eugenmayer
Re: IPsec DNS offering on OSX macOS « Reply #2 on: May 20, 2017, 07:58:47 pm »
Well, it is an OSX client issue, used
https://www.shimovpn.com/de/download/
- configured a general IPsec client and everything started to work exactly as expected.
Leaving this here for Google - adjusting title
eugenmayer
Re: IPsec DNS offering on macOS OSX « Reply #3 on: May 21, 2017, 05:07:11 pm »
Little update on this: after fiddling around with Shimo VPN I was not able to get split DNS to work even though they explicitly offer it - I asked the support because I think that's a software bug. Also, Shimo VPN does not properly detect the network list, thus always configures to send the whole traffic through VPN, no matter how you set up the mobile client connection - this can be fixed by manual route overrides.
I tried VPN Tracker 9 or 365 then and that worked out completely; DNS and gateway work right away. You do not choose a device here, but rather a customer IPsec connection.
If there is any interest, I can paste the general configuration for both clients - in the end, they are very straightforward and aligned at exactly the same terms used in OPNsense.